Technology has been a runaway train of innovation and ingenuity since its conception. The strides that we’ve made in advancing our world within the past few decades have been nothing short of incredible. With artificial intelligence, cloud adoption, and numerous recent milestone achievements, we are more reliant on digital infrastructure than ever before. It is precisely this level of reliance that allowed cyber-attacks to thrive and disrupt in 2022.
A cyber-attack is a malicious act carried out by cyber criminals to destabilize, infiltrate or disrupt a digital system. There is a multitude of cyber-attack methods in existence; however, the main purpose always boils down to the exploitation of weaknesses and loopholes in the victim’s networks to cause damage or for personal gain. Cyber-attacks disrupt business operations, steal sensitive data, and conscript computers and networks as proxies to launch further attacks against other victims or hold systems and data for ransom. These are not the friendly type of sophisticated advances brought about by the technological revolution. However, technologies such as network firewalls and EDR endpoint security are available to protect enterprises from such devastating hacks.
As humans, it is only through looking at our past that we may save our future. The mistakes and shortcomings of our previous encounters with threats are what make us wary and prepared for what comes later. This is why we are looking at some of the biggest cyber-attacks and statistics that shook global headlines in 2022.
Recent Cyber-Attack Statistics of 2022
The following cybersecurity statistics and security incidents are eye-opening for any business enterprise.
- In 2022, 70% of respondents worldwide stated that their company was threatened by cyber-attacks. (Statista)
- Between October and December of 2022, Lithuania saw the highest number of cyber threats worldwide - with 46.8 threats per 100 scans. South Korea ranked second, with over 40 threats, while Italy followed, detecting around 35 threats per 100 scans. (Statista)
- Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. (Gartner)
- Between October 2021 and September 2022, malware was the most common type of cyber-attack used on manufacturing organizations - targeting around 37% of organizations worldwide. Network and application anomalies ranked second with 23% while system anomalies followed with 20%. (Statista)
- According to a 2022 report, 39% of US respondents expect the overall number of cyber-attacks, as well as the number of successful attacks to increase. (Statista)
- 1802 cases of data compromise were recorded in the US in 2022. (Statista)
- Over 422 million individuals were affected by data compromise in the US alone in 2022 - including data breaches, data leakage, and data exposure. (Statista)
- Estimates from Statista’s Cybersecurity Outlook show that the global cost of cybercrime is expected to surge in the next five years - rising from $8.44 trillion in 2022 to $23.84 trillion by 2027. (Statista)
In February of 2022, car manufacturing giant Toyota announced that it had been the victim of a cyber-attack that led to the suspension of operations across 28 lines at 14 plants in Japan. In a statement released, the company described the attack as a “system failure” at its domestic supplier - Kojima Industries. The suspension of operations led to the loss of around 13,000 cars.
IHG Cyber-Attack 2022
The InterContinental Hotel Group (IHG) confirmed in late September of last year that its Holiday Inn Hotel subsidiary was hit by a cyber-attack. In a statement released by the IHG, they reported that parts of the company’s digital infrastructure were subject to unauthorized activity.
While no data loss was recorded after the incident, booking channels and other applications were disrupted. The attack was carried out by a Vietnamese couple that went by the name ‘TeaPot’ who reached out to the through a telegram to admit to the crime. The duo attached screenshots to prove that they had gained access to the company's internal Outlook emails, Microsoft Teams chats, and server directories - which IHG confirmed were all authentic.
The couple also admitted to originally attempting a ransomware attack against the hotel conglomerate, but when those attempts failed they deployed wiper malware instead – destroying all the data they accessed. The IHG network was breached through a phishing scheme in which an employee was tricked into downloading a malicious piece of software through an email attachment. EDR or endpoint security software protects each machine from being compromised through phishing email attachments.
The hacker couple explained that “the username and password to the vault were available to all employees,” indicating that almost 200,000 staff could see them, and that the password itself was extremely weak – revealed later as “Qwerty1234.”
The IHG spokesperson disputed claims about the vault’s password and insisted that the attackers had to get past "multiple layers of security" – without giving any details about what exactly those security measures were. This is why Sangfor suggests that managed cloud services and an enterprise hybrid cloud are essential for your business.
Adding insult to injury, a group of hotel franchisees based in Louisiana and three other US states have since filed a lawsuit against IHG Hotels and Resorts - claiming that the early September cyber-attack cost them millions of dollars in lost revenue.
Cyber-Attacks On Banks 2022
The banking sector is one of the hardest hit in our list of recent cyber-attacks of 2022. Cyber-attacks on the financial sector have expensive and debilitating consequences. The Boston Consulting Group’s ‘Global Wealth 2019: Reigniting Radical Growth’ report stated that finance firms are 300 times more likely than other companies to be targeted by a cyber-attack.
The 2022 banking landscape was no stranger to these targeted threats. According to Statista, between October 2021 and September 2022, the use of malware was the most common type of cyber-attack in financial and insurance organizations. Malware attacks can be investigated by an incident response team and can be prevented using a hardware firewall installed on your network.
VTB Bank Cyber-Attack
VTB Bank, Russia's second-largest financial institution, suffered a massive Distributed Denial-of-Service (DDoS) attack in December of 2022. The establishment said it was the worst cyber-attack in its history after the banking website and mobile apps were taken offline. While the services were disrupted, the bank reassured clients that customer data is stored within the internal perimeter of the bank and was not breached in any way.
Bleeping Computer reported that VTB is 61% state-owned – giving the attacks a political dimension as an indirect blow to the Russian government. The pro-Ukraine hacktivist group, 'IT Army of Ukraine,' claimed responsibility for the DDoS attacks against VTB - announcing the campaign on Telegram at the end of November.
OP Financial Group Cyber-Attack
In January, the OP Financial Group was the victim of a cyber-attack that disrupted services. The self-proclaimed biggest bank in Finland said that the attack affected logins, which were restored shortly afterward, and that no customer data was breached.
Flagstar Bank Cyber-Attack
An investigation into a massive data breach of the US Flagstar Bank concluded last year – finding that almost 1.5 million customers were affected. The breach resulted in the exposure of social security numbers, banking information, and personal details and appears to have begun as early as December 2022 but the organization held off on disclosing it until it could be investigated.
Hospital Cyber-Attacks 2022
Hacker groups did not spare hospitals during the recent cyber-attacks of 2022. Cyber-attacks that target hospital infrastructure result in a lot more than just financial loss. The disruption of critical services could lead to injuries and loss of life. Hospitals suffering from cyber-attacks often have to take systems offline and interrupt crucial procedures and appointment bookings, which could affect thousands of patients.
These attacks happen because of network vulnerabilities and the absence of a network security firewall such as an NGFW. Hospitals are more likely to pay off a ransomware attack to ensure the continuation of care.
Doctors’ Center Hospital
The Doctors’ Center Hospital reported a breach to the health department in November. Based in Puerto Rico, the hospital system cyber-attack compromised the data of more than 1.19 million people. While the organization said in a statement on its website that no misuse of patient information was reported, data breach letters were sent out to every patient who may have been affected.
Andre-Mignot Hospital Cyber-Attack
The André-Mignot teaching hospital shut down operations due to a ransomware attack noticed in December. The cyber criminals demanded a ransom after telephone services, the internet, and all computer systems were cut off. The regional health agency (ARS) said that the hospital canceled operations, but did everything possible to keep walk-in services and consultations running.
Health Minister Francois Braun said that six patients had already been transferred - three from intensive care and three from the neonatal unit. The minister stated that the attack led to “a total reorganization of the hospital,” and that while the machines were still functioning in the intensive care unit, more people were needed to watch the screens as they were no longer working as part of a network. French law forbids the payment of ransoms by public establishments.
Healthcare Cyber-Attacks 2022
According to Statista, the healthcare industry is one of the most vulnerable sectors to cybercrime in the list of recent cyber-attacks of 2022. Between October 2021 and September 2022, the healthcare sector saw a variety of cyber-attacks – including 63% of network and application anomalies and 22% of malware threats. These network anomalies can be prevented through network traffic analysis tools and by using a secure internet gateway.
Goodman Campbell Brain and Spine
In Indiana, Goodman Campbell Brain and Spine admitted in a report that they were the victims of a ransomware attack that resulted in almost 363,000 patient files being leaked onto the dark web.
Advocate Aurora Health
The health system said that, out of caution, all users of Advocate Aurora MyChart accounts, the LiveWell application, and anyone who used the health system’s scheduling widgets were presumed to have been affected. The system said it hasn’t found any evidence of fraud stemming from the incident and that the pixels were very unlikely to result in identity theft or any financial harm.
The preliminary analysis made by security experts revealed that hackers accessed IP addresses, dates and times of scheduled appointments, overviews of patient medical histories, insurance data, and proxy account information. A sophisticated NDR platform can help to detect such incidents efficiently.
In August 2022, U.S. healthcare provider Novant Health also disclosed its improper use of Meta Pixel in its implementation of the 'MyChart' portal - which exposed 1.3 million patients.
CommonSpirit Health Cyber-Attack
The second-largest non-profit health system, CommonSpirit Health, was the victim of a cyber-attack in October that compromised the personal data and records of over 600,000 patients – which allegedly caused one child to be accidentally given five times the amount of medication needed.
The incident interrupted access to electronic health records and delayed patient care in multiple regions. In an update released in December, the company confirmed it suffered a ransomware attack and stated that threat actors gained access to portions of its network between September 16 and October 3. The organization also clarified that the attackers “may have gained access to certain files, including files that contained personal information” belonging to patients who received care or family members of those who received care at Franciscan Health, a 12-hospital affiliate of CommonSpirit Health.
Bleeping Computer noted that the U.S. Department of Health data breach portal — where healthcare organizations are legally obligated to report data breaches impacting more than 500 individuals — confirms that threat actors accessed the personal data of 623,774 patients during the CommonSpirit ransomware attack.
Cyber-Attacks On Critical Infrastructure 2022
Critical infrastructure sectors are responsible for the priority functions of society. These sectors include energy production sites, water production, supply chains, healthcare, food production, and agriculture. According to Microsoft’s 2022 Digital Defense Report, cyber-attacks aimed at critical infrastructure worldwide were up to 40% of all nation-state attacks.
These networks are all reliant on one another and we are entirely reliant on them – meaning a cyber-attack on any critical infrastructure has dire ripple effects that can destabilize an entire population. Gartner has estimated that by 2025, hackers will have weaponized a critical infrastructure cyber-physical system (CPS) to successfully harm or kill humans.
Supply Chain Cyber-Attacks
Cyber-attacks on supply chains are on the rise globally. Supply chain disruptions cause a mass domino effect on manufacturing, shipping, and consumers. Gene Seroka, the executive director at the Port of Los Angeles told the in 2022 that the number of cyber-attacks that target the port is now around 40 million monthly and that they face daily ransomware, malware, spear phishing, and credential harvesting attacks - to cause as much disruption as possible and slow down economies.
In February of 2022, Reuters reported that energy supplier giant Shell had rerouted oil supplies to other depots after a cyber-attack on two subsidiaries of German logistics firm Marquard & Bahls. The companies discovered they were affected by an attack in January that had disrupted their IT systems and supply chain.
Supply chain attacks are nothing new, though. Just last year, the top US fuel pipeline operator Colonial Pipeline had to shut down its entire network - the source of nearly half of the US East Coast's fuel supply - after a ransomware attack that was described as one of the most disruptive digital operations ever reported. Colonial Pipeline revealed that it paid hackers nearly $5 million to regain access to its systems.
Conti Ransomware Attack in Costa Rica
The Conti ransomware attack on Costa Rica made multiple headlines in April of last year as well. The president of the country, Rodrigo Chaves Robles, declared a national state of emergency after a string of ransomware attacks halted Costa Rica’s economy - affecting several branches of government and the public sector at large. It was estimated at the time that the stagnation of the economy was costing the country at least $38 million for each day that systems were down.
The attack was initiated by Conti - a popular ransomware group. The hackers initially targeted the country’s Ministry of Finance, demanding a $10 million ransom, which the government declined to pay while still under the previous presidency. Tax administration and customs services were rendered out-of-service, which disrupted various digital finance services - such as payments, taxpaying, and services billing. After a public refusal to pay the ransom, the Conti group published 97% of the data it had been using as collateral onto its website.
While the hacking group may not have been trying to make a political statement, their geopolitical state and association with Russia played a significant role in Costa Rica’s ransomware attack.
After their publicized support for the Russian invasion of Ukraine, Conti lost a great deal of public support. Costa Rica continues to suffer the effects of these attacks, and it does not look as though it will fully recover any time soon.
US Government Cyber-Attacks
Currently, the FBI's Cyber Sector’s Most Wanted list features over 100 individuals and groups that conspired to commit damaging crimes against the US government - including computer intrusions, wire fraud, identity theft, espionage, trade secret theft, and many more.
According to Security Week, 105 local governments in the US were hit with ransomware, along with 44 universities and colleges, 45 school districts, and 25 healthcare providers. The school districts impacted more than 1,900 individual schools, while the healthcare provider incidents hit 290 hospitals. Such incidents result in high demand for EDR and network firewalls.
The publication goes on to state that of the 105 known ransomware incidents involving US state or municipal governments or agencies in 2022, at least 27 also resulted in a data breach. In Miller County, malware spread from a compromised mainframe to systems in 55 different counties resulting in data being stolen from all of them.
Preventing Cyber-Attacks Going into 2023
A 2022 survey found that 80% of global corporate executives deemed meeting the legal cybersecurity and data protection requirements imposed on companies to be an effective solution. Among other cybersecurity-related activities that were considered effective was the installation of technologies that protect data and IT assets from cyber-attacks.
At Sangfor Technologies, we commit to bringing you secure and reliable cybersecurity solutions that will ensure you stay safe from any type of cyber-attack. Our wide range of products and platforms will ensure the highest level of protection for your network and organization at all times.
- The Sangfor Next Generation Firewall (NGFW) is used in conjunction with Endpoint Security to identify malicious files at both the network level and endpoints. The advanced firewall is a security device designed to inspect network and application traffic for threats, secure the network environment from intrusion, and bring in security intelligence from outside the network. Anything that the on-premises features cannot analyze is automatically sent to the cloud-based Neural-X sandbox for isolation and critical inspection.
- Additionally, Sangfor’s Disaster Recovery Management provides a full range of disaster recovery solutions based on the customer’s Recovery Time and Recovery Point Objective (RTO and RPO) requirements in a simple, resilient, and manageable way. Companies should make the continuity of their business a pivotal point despite any cyber-attack trying to halt operations – Sangfor’s DR has key features in place to ensure this can happen seamlessly without any data loss.
- Incident Response is a Sangfor service geared towards flexible, fast, and effective elimination and prevention of cyber-attacks. The focus of incident response is locating and eradicating threats while implementing active disaster recovery and providing tailored analysis to help safeguard your company from future cyber-attacks. Sangfor understands that the truest test of whether an incident response plan is strong is the organization’s ability to recover from the incident.
- Lastly, the Sangfor Cyber Command (NDR) Platform helps to monitor for malware, residual security events, and future potential compromises in your network. The Cyber Command solution is coupled with Threat Intelligence and an enhanced AI algorithm to keep you updated with any vulnerabilities in the system and any threats detected.